Results 1 
8 of
8
Applying Formal Methods to the Analysis of a Key Management Protocol
 Journal of Computer Security
, 1992
"... In this paper we develop methods for analyzing key management and authentication protocols using techniques developed for the solutions of equations in a term rewriting system. In particular, we describe a model of a class of protocols and possible attacks on those protocols as term rewriting system ..."
Abstract

Cited by 83 (11 self)
 Add to MetaCart
In this paper we develop methods for analyzing key management and authentication protocols using techniques developed for the solutions of equations in a term rewriting system. In particular, we describe a model of a class of protocols and possible attacks on those protocols as term rewriting systems, and we also describe a software tool based on a narrowing algorithm that can be used in the analysis of such protocols. We formally model a protocol and describe the results of using these techniques to analyze security properties. We show how a security flaw was found, and we also describe the verification of a corrected scheme using these techniques. 1 Introduction It is difficult to be certain whether or not a cryptographic protocol satisfies its requirements. In a number of cases subtle security flaws have been found in protocols some time after they were published. These flaws were independent of the strengths or weakness of the cryptographic algorithms used. Examples include the N...
Combination Techniques for NonDisjoint Equational Theories
 Proceedings 12th International Conference on Automated Deduction
, 1994
"... ion variables which are variables coming from an abstraction, either during preprocessing or during the algorithm itself. 3. Introduced variables which are variables introduced by the unification algorithms for each theory. We make the very natural assumption that the unification algorithm for each ..."
Abstract

Cited by 24 (4 self)
 Add to MetaCart
ion variables which are variables coming from an abstraction, either during preprocessing or during the algorithm itself. 3. Introduced variables which are variables introduced by the unification algorithms for each theory. We make the very natural assumption that the unification algorithm for each theory may recognize initial, abstraction and introduced variables and never assigns an introduced variable to a nonintroduced one or an abstraction variable to an initial one. With this assumption, our combination algorithm will always make an introduced variable appear in at most one \Gamma i . We may thus also suppose that the domain of each solution does not contain an introduced variable. This does not compromise the soundness of our algorithm. The combination algorithm is described by the two rules given in figure 2. In the rule UnifSolve i , ae SF is obtained by abstracting aliens in the range of ae by fresh variables. ae F i is the substitution such that xae = xae SF ae F i for al...
Cooperation of Decision Procedures for the Satisfiability Problem
 Frontiers of Combining Systems: Proceedings of the 1st International Workshop, Munich (Germany), Applied Logic
, 1996
"... : Constraint programming is strongly based on the use of solvers which are able to check satisfiability of constraints. We show in this paper a rulebased algorithm for solving in a modular way the satisfiability problem w.r.t. a class of theories Th. The case where Th is the union of two disjoint t ..."
Abstract

Cited by 22 (4 self)
 Add to MetaCart
: Constraint programming is strongly based on the use of solvers which are able to check satisfiability of constraints. We show in this paper a rulebased algorithm for solving in a modular way the satisfiability problem w.r.t. a class of theories Th. The case where Th is the union of two disjoint theories Th 1 and Th 2 is known for a long time but we study here different cases where function symbols are shared by Th 1 and Th 2 . The chosen approach leads to a highly nondeterministic decomposition algorithm but drastically simplifies the understanding of the combination problem. The obtained decomposition algorithm is illustrated by the combination of nondisjoint equational theories. Keywords: constraint programming, decision procedure, satisfiability, combination problem (R'esum'e : tsvp) INRIALorraine & CRIN, email: Christophe.Ringeissen@loria.fr Unit de recherche INRIA Lorraine Technpole de NancyBrabois, Campus scientifique, 615 rue de Jardin Botanique, BP 101, 54600 VILLE...
Unification in a combination of equational theories with shared constants and its application to Primal Algebras
 In Proceedings of the 1st International Conference on Logic Programming and Automated Reasoning, St. Petersburg (Russia), volume 624 of Lecture Notes in Artificial Intelligence
, 1992
"... . We extend the results on combination of disjoint equational theories to combination of equational theories where the only function symbols shared are constants. This is possible because there exist finitely many proper shared terms (the constants) which can be assumed irreducible in any equational ..."
Abstract

Cited by 15 (3 self)
 Add to MetaCart
. We extend the results on combination of disjoint equational theories to combination of equational theories where the only function symbols shared are constants. This is possible because there exist finitely many proper shared terms (the constants) which can be assumed irreducible in any equational proof of the combined theory. We establish a connection between the equational combination framework and a more algebraic one. A unification algorithm provides a symbolic constraint solver in the combination of algebraic structures whose finite domains of values are non disjoint and correspond to constants. Primal algebras are particular finite algebras of practical relevance for manipulating hardware descriptions. 1 Introduction The combination problem for unification can be stated as follows: given two unification algorithms in two (consistent) equational theories E 1 on T (F 1 ; X) and E 2 on T (F 2 ; X), how to design a unification algorithm for E 1 [ E 2 on T (F 1 [ F 2 ; X)? The ge...
RuleBased Constraint Programming
 Fundamenta Informaticae
, 1998
"... In this paper we present a view of constraint programming based on the notion of rewriting controlled by strategies. We argue that this concept allows us to describe in a unified way the constraint solving mechanism as well as the metalanguage needed to manipulate the constraints. This has the a ..."
Abstract

Cited by 9 (1 self)
 Add to MetaCart
In this paper we present a view of constraint programming based on the notion of rewriting controlled by strategies. We argue that this concept allows us to describe in a unified way the constraint solving mechanism as well as the metalanguage needed to manipulate the constraints. This has the advantage to provide descriptions that are very close to the proof theoretical setting used now to describe constraint manipulations like unification or numerical constraint solving. We examplify the approach by presenting examples of constraint solvers descriptions and combinations written in the ELAN language. 1
Combination of Matching Algorithms
 Proceedings 11th Annual Symposium on Theoretical Aspects of Computer Science, Caen (France), volume 775 of Lecture Notes in Computer Science
, 1994
"... . This paper addresses the problem of systematically building a matching algorithm for the union of two disjoint equational theories. The question is under which conditions matching algorithms in the single theories are sufficient to obtain a matching algorithm in the combination? In general, the bl ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
. This paper addresses the problem of systematically building a matching algorithm for the union of two disjoint equational theories. The question is under which conditions matching algorithms in the single theories are sufficient to obtain a matching algorithm in the combination? In general, the blind use of combination techniques introduces unification. Two different restrictions are considered in order to reduce this unification to matching. First, we show that combining matching algorithms (with linear constant restriction) is always sufficient for solving a pure fragment of combined matching problems. Second, we present a combined matching algorithm which is complete for the largest class of theories where unification is not needed, including collapsefree regular theories and linear theories. 1 Introduction The process of matching is crucial in term rewriting, from automated deduction involving simplification rules to the implementation of operational semantics for programming l...
Unification Algorithms Cannot be Combined in Polynomial Time
 in Proceedings of the 13th International Conference on Automated Deduction, M.A. McRobbie and J.K. Slaney (Eds.), Springer LNAI 1104
, 1996
"... . We establish that there is no polynomialtime general combination algorithm for unification in finitary equational theories, unless the complexity class #P of counting problems is contained in the class FP of function problems solvable in polynomialtime. The prevalent view in complexity theory is ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
. We establish that there is no polynomialtime general combination algorithm for unification in finitary equational theories, unless the complexity class #P of counting problems is contained in the class FP of function problems solvable in polynomialtime. The prevalent view in complexity theory is that such a collapse is extremely unlikely for a number of reasons, including the fact that the containment of #P in FP implies that P = NP. Our main result is obtained by establishing the intractrability of the counting problem for general AGunification, where AG is the equational theory of Abelian groups. Specifically, we show that computing the cardinality of a minimal complete set of unifiers for general AGunification is a #Phard problem. In contrast, AGunification with constants is solvable in polynomial time. Since an algorithm for general AGunification can be obtained as a combination of a polynomialtime algorithm for AGunification with constants and a polynomialtime algorithm...
Negation in Combining Constraint Systems
 Communications of the ACM
, 1998
"... In a recent paper, Baader and Schulz presented a general method for the combination of constraint systems for purely positive constraints. But negation plays an important role in constraint solving. E.g., it is vital for constraint entailment. Therefore it is of interest to extend their results to t ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
In a recent paper, Baader and Schulz presented a general method for the combination of constraint systems for purely positive constraints. But negation plays an important role in constraint solving. E.g., it is vital for constraint entailment. Therefore it is of interest to extend their results to the combination of constraint problems containing negative constraints. We show that the combined solution domain introduced by Baader and Schulz is a domain in which one can solve positive and negative "mixed" constraints by presenting an algorithm that reduces solvability of positive and negative "mixed" constraints to solvability of pure constraints in the components. The existential theory in the combined solution domain is decidable if solvability of literals with socalled linear constant restrictions is decidable in the components. We also give a criterion for ground solvability of mixed constraints in the combined solution domain. The handling of negative constraints can be signific...